Copy link to clipboard
Copied
Hi,
I enabled encryption on a varchar column in database MS SQL 2019. Now, CF application is generating an error ByteArray objects cannot be converted to strings.
How to enable or register encryption for this database in the CF 2016 server?
Thank you in advance,
Copy link to clipboard
Copied
I went with this guide below to enable Always Encryted and configuration of data source in CF Administrator.
https://community.hostek.com/t/sql-server-always-encrypted-columns/315#heading--ColdFusion
But, I stack on the paragraph under the heading
Using Always Encrypted Columns with ColdFusion
....
You must also ensure that the ColdFusion service account has access to the private key. This service usually runs under the ‘cfusion’ user so you will want to give read permissions for that user to the private key of the ‘Column Master Key’.
Do I need to create a standard user and login as that user and assign to the service ColdFusion 2016 Application Server? Does this service is reffered here as a "cfusion"?
Then, how would I give that user read permissions for the private key of the ‘Column Master Key’? Is that running certlm?
Any help would be greatly appreciated.
Thanks
Copy link to clipboard
Copied
On Windows, it's considered a best practice to create a specific user account with minimal permissions, instead of running CF as "Local Service". You can read about this in the various CF lockdown guides. Once you do this, you can assign permissions to this user explicitly, give the user read permissions for database private keys, whatever you want.
Dave Watts, Eidolon LLC